PT-2010-5684 · CentOS+3
Dan Rosenberg · Published 1970-01-01 · Updated 2020-08-12 · CVE-2010-4080
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel versions 2.6.9
SUSE Linux Enterprise kernel-kdumppae-debuginfo (affected versions not specified)
SUSE Linux Enterprise kernel-vmipae-debuginfo (affected versions not specified)
Red Hat Enterprise Linux kernel-devel-2.6.9
Red Hat Enterprise Linux kernel-2.6.9
Red Hat Enterprise Linux kernel-hugemem-2.6.9
Red Hat Enterprise Linux kernel-hugemem-devel-2.6.9
Red Hat Enterprise Linux kernel-largesmp-2.6.9
Red Hat Enterprise Linux kernel-largesmp-devel-2.6.9
Red Hat Enterprise Linux kernel-smp-2.6.9
Red Hat Enterprise Linux kernel-smp-devel-2.6.9
Red Hat Enterprise Linux kernel-doc-2.6.9
CentOS kernel-devel-2.6.9
CentOS kernel-2.6.9
CentOS kernel-hugemem-2.6.9
CentOS kernel-hugemem-devel-2.6.9
CentOS kernel-largesmp-2.6.9
CentOS kernel-largesmp-devel-2.6.9
CentOS kernel-smp-2.6.9
CentOS kernel-smp-devel-2.6.9
CentOS kernel-doc-2.6.9
Description
The issue affects the Linux kernel and can lead to disruption of confidentiality, integrity, and availability of protected information. Exploitation of the vulnerabilities can be done remotely. The snd_hdsp_hwdep_ioctl function in the Linux kernel does not initialize a certain structure, allowing local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl call.
Recommendations
For Linux kernel version 2.6.9, update to a version prior to 2.6.36-rc6.
For SUSE Linux Enterprise kernel-kdumppae-debuginfo, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For SUSE Linux Enterprise kernel-vmipae-debuginfo, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For Red Hat Enterprise Linux kernel-devel-2.6.9, kernel-2.6.9, kernel-hugemem-2.6.9, kernel-hugemem-devel-2.6.9, kernel-largesmp-2.6.9, kernel-largesmp-devel-2.6.9, kernel-smp-2.6.9, kernel-smp-devel-2.6.9, kernel-doc-2.6.9, update to a version prior to 2.6.36-rc6.
For CentOS kernel-devel-2.6.9, kernel-2.6.9, kernel-hugemem-2.6.9, kernel-hugemem-devel-2.6.9, kernel-largesmp-2.6.9, kernel-largesmp-devel-2.6.9, kernel-smp-2.6.9, kernel-smp-devel-2.6.9, kernel-doc-2.6.9, update to a version prior to 2.6.36-rc6.
As a temporary workaround, consider disabling the snd_hdsp_hwdep_ioctl function until a patch is available.
Memory Corruption
Information Disclosure
Resource Exhaustion
Affected Products
CentOS
Linux Kernel
Red Hat
SUSE Linux Enterprise